The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines.This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/may25,2005.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

The contents of this newsletter is commentary. It should not be mistaken for unbiased, objective journalism.

Permalink | Top

1. Analysis of the SPY ACT
2. Feature - Window Washer
3. CoolWebSearch: "We were framed!"
4. Adobe Reader and the Yahoo Toolbar
5. Free A Frozen Computer
6. Transfer To Wordpress Nearing Completion

Permalink | Top

The US House of Representatives finally has passed the SPY ACT. It is now on its way to the US Senate and, hopefully, from there to the White House.

I have spent two hours going over the text of the act with a magnifying glass. I think I have a grasp of its finer points.

The Good

First, the good points.

I was very worried that this bill was going to become bogged down in a pointless attempt to define spyware. Several times it seemed as if the drafters of the bill were going to try to hang a definition on the word "spyware", then say that software fitting their definition of spyware were committing crimes. It would have provided enormous loopholes and would have entirely ignored browser hijackers, dialers and other undesirable software.

Thankfully, this did not happen. In fact, the word "spyware" hardly is mentioned at all in the bill. Rather than attempting to outlaw a technology, the bill outlaws a set of behavior which the authors of the bill have decided are unacceptable.

Drive-by downloads and browser hijackings are absolutely forbidden. Porn dialers that disconnect a dial-up user from their ISP to make expensive calls to little known nations are forbidden. The act of fooling a person into giving up passwords, credit card numbers and account numbers by publishing a fake internet site, a practice generally known as "phishing", is outlawed. A web site may not lie to a visitor by saying that a plug-in (such as ActiveX or Java) is required to view a page if it is not.

This may not stop all browser hijackings. In fact, it probably won't. However, it does makes it illegal and that makes complaints to web hosts that a customer is hosting a browser hijacker web site something not to be ignored. The people who make money from hijacking browsers probably will not be able to operate within the United States.

If the software is going to display advertisements, all ads must display either the name of the software generating the advertisement or the logo of the company that created the software. If the software is going to collect information from the user, there must be clear disclosure of this fact, separate from any other notice (more on this below). The software's installer must allow the user to decline the installation of the program and the software may not install after the user chooses to decline.

If the user later decides to remove the software, there must be a simple mechanism for doing so (an add/remove entry for instance) and the software cannot interfere in any way with its removal. The software is not allowed to reinstall itself automatically if it is removed.

The loading and/or executing of software to record keystrokes is forbidden without the express, informed consent of the person who owns the machine (more on this below).

The Bad

This bill is far from perfect. In fact, I believe I have spotted at least one obvious loophole.

While logging keystrokes is banned, the bill says nothing about software which captures screenshots, logs the name of programs and documents accessed or web pages which are viewed. I'm not entirely sure that the "no keylogging" provision even bans the use of hardware keyloggers, such as the infamous keycatcher device.

Another bad point of the bill is that it seems unlikely to do much good about the big name adware companies who pretend to be legit, such as Gator/Claria and WhenU.com. Everything outlawed by this bill becomes perfectly legal if the owner of the computer consents to it. The bill attempts to set standards about how disclosure should be made to potential users. It even suggests the language to be used. However, the language may be altered so long as it is "substantially similar" to the suggested language. This leaves open the very likely possibility that these companies will use flowery euphemisms and marketing-speak to try to confuse the user as to what the software actually is going to do.

The Ugly

I have a major problem with some parts of this bill. These problems are so bad that they threaten to make the entire exercise pointless.

The biggest problem with the SPY ACT is that the section on enforcement is ludicrous. Only the Federal Trade Commission or the Attorney General of a state (and, presumably, the US Attorney General) can take action against a company violating the act. Civil lawsuits by the actual victims of persons violating the act are specifically forbidden.

What this means is that if someone manages to sneak a trojan horse virus onto your PC, steals your credit card number and ruins your credit history, you cannot sue the person. Instead, you have to go begging to the FTC or your state's Attorney General and hope someone can take a long enough coffee break to listen to you. This is a major failing and I sincerely hope the Senate deletes this entire section before passing it.

Another very serious problem is that SPY ACT preempts all existing state and local laws related to behavior outlined in the bill. I am not a lawyer, so I am not entirely clear on this point. I believe this means that state laws targeted at spyware will become unenforceable and void if SPY ACT becomes law. If that is the case, then this bill, no matter how good the good points are, will be a disaster. CAN SPAM also preempted state laws and we all know how effective that was just by looking at our inboxes.

For a more extensive examination of the bill's failings, head on over to Ben Edelman's analysis of the SPY ACT.

My Opinion

Like most legislation, SPY ACT has its good points and its bad points. The bill has good intentions and hasn't been watered down entirely by industry lobbyists, something that tends to happen to most laws aimed at privacy. My opinion is that I hope it passes, but I hope that the Senate edits out a few lines first.

Permalink | Top

Program: Window Washer 6.0 (New Version Release, now with Mozilla / Firefox support)
Author: Webroot Software
Platform: Windows 95, 98, ME, NT, 2000, XP
License: $29.95 (Only $19.95 until June 1, 2005 when you use our special page)
Bundle Offer: Buy Window Washer and Spysweeper together for only $39.95
Purchase: Click here to purchase (http://www.webroot.com/products/specialsdb.php?code=ekbk4&rc=325)

Window Washer is a very cool, very useful program. You could spend an hour rummaging through your computer deleting your browser cache, cookies, temp files, address bar history, and even those nearly impossible to delete index.dat files. With Windows Washer, you don't have to waste all that time and energy. Window Washer makes doing these tasks quick and easy.

When I tested Window Washer for the first time, it cleared out an amazing 700MB worth of garbage files, most of it temporary files left over from programs that hadn't cleaned up after themselves. It deleted all of these files very quickly. Since then, it has deleted over 10 GB of trash files through regular cleanings.

Window Washer also deleted the index.dat file in my browser cache, a file that Windows normally refuses to let you alter. It reduced it from 1.8MB all the way down to 32KB. There is an optional setting to clean out the browser cache, address bar history, cookies, and other internet usage traces every time the browser is closed.

There is an option to overwrite "slack space". "Slack space" refers to areas of the hard drive that show as empty to the system, but might contain data that was deleted previously. Another option adds "bleach to the washing". That is Window Washer's way of saying that it overwrites data with gibberish several times to prevent data recovery programs from putting deleted files back together. The number of times it will overwrite these files can be configured to NSA (7 passes), DoD (3 passes), and Gutmann standards (35 passes). You can also set it to whatever number you want.

If you have any problems with the ordering page , please email Catherine http://www.spywareinfo.com/email2.php.

Permalink | Top

This is perhaps the most bizarre piece of news to land in my inbox in a long time. CoolWebSearch is claiming to have gone legit.

Pick yourself up off the floor and get back in your chair. I'm serious here.

CWS, long the poster child for the need to have browser hijackers outlawed, claims that they do not allow people to distribute software by way of browser hijacks. They say that 95% of all browser hijackers blamed on CWS are actually competitors out to smear their "good name". In other words, they're saying they've been framed.

Personally, I don't buy it. Their "competitors", I assume, are other pay-per-click "search engine" sites. Many of these sites, I have found, tend not to care at all how they drive people to their web sites and routinely hijack computers to force people there unwillingly. Considering this fact, why bother to smear a competitor by driving traffic to the competitor's site using the same techniques they themselves use? That makes no sense.

I am willing to concede that some of the hijacker web sites listed by many as affiliated with CWS are not connected to them. The last time I saw that list, there were well over a thousand web sites on it. I'm sure there are a few mistaken entries in such a lengthy list.

Still, the fact remains that many thousands, possibly millions, of web browsers are routinely hijacked to go to web sites who ultimately feed "visitors" to coolwebsearch.com. That is no accident and certainly is too large in scale to be a smear campaign. Despite CoolWebSearch's promise to terminate affiliates who hijack computers, I do not predict any reduction in the number of people coming to our message board complaining of browsers hijacked to point to coolwebsearch.com or its affiliates' web sites.

Permalink | Top

I had an interesting experience with Adobe Reader's updater last week. It tried to force me to install the Yahoo Toolbar.

First, let me say that this looks more like a bug in the updater than a deliberate attempt on Adobe's part to force install software I didn't want. However, if it is a bug, it's a very convenient bug (for Adobe).

I ran Adobe Reader's updater and it listed a few things I could install. The Yahoo toolbar wasn't on the list. I chose Adobe Reader 7 to upgrade from version 6 by clicking the "add" button to move it to the "selected items" list. From out of nowhere, Yahoo's toolbar showed up in the list of items I had selected.

Okay, I thought, that's annoying. I didn't put that there. I didn't even see it as an option and wouldn't have chosen it if I had. I click on it so that I can remove it from the list. This is where the situation goes from annoying to downright sleazy. The "remove" button would not activate when I selected the toolbar. It seemed as if the updater was going to force that toolbar on me if I wanted to upgrade Adobe Reader.

I closed the program and started the updater again. The second time, the toolbar was listed as a choice. I selected the upgrade to version 7. Again, the toolbar appeared in the download list without my approval. However, I was able to remove it from the list this time and installed the update to Reader without a problem. I should note that Reader version 7 has some sort of Yahoo search bar integrated right into it. I believe what version 6 was trying to install was the toolbar for Internet Explorer, not an integrated search feature for Adobe Reader.

The reason I went through all of this was to verify some rumors that I had been hearing. People were telling me that Adobe was forcing users to install the Yahoo toolbar. A few people even provided links to forums and newsgroups where users said it had happened to them.

Although I think this is a bug in version six's updater program, it certainly looks bad. For all intents and purposes, the updater did try to force me to download the toolbar, even if it was accidental. Adobe really should be more careful than that. Nothing will cause a nasty public backlash quicker these days than for one program to bundle another forcibly. That is what spyware companies do. Legitimate companies should know better.

Permalink | Top

Have you ever had a program crash so badly that it locks up and refuses to go away? I don't mean the infamous blue screen of death (BSOD). I mean when something crashes and you can't get rid of the crashed window, although the computer still apparently works. You can see the other programs running if you use ALT + TAB and maybe you can even see the task bar. The window of the crashed program remains on the screen and refuses to allow any other window to appear over it. The only thing you can do to make the computer work is to reach for the power button.

This tends to happen to me occasionally. I have a couple of old PC games that were written for Windows 98. They tend to not get along very well with XP. They crash frequently and occasionally they freeze in place instead of simply exiting.

If this happens to you, then you know how annoying it is. GRC.com has a program that deals with problems exactly like this one. It is called Wizmo. It is the only thing I have found for dealing with crashes like the one I described short of yanking out the power cable.

One of the many useful things Wizmo can do is to force the computer to log off or restart. And by "force", I do mean "FORCE". No matter how badly the computer is locked up with a crashed program, no matter how loudly Windows protests about shutting down improperly, if the computer can function just enough to let you activate Wizmo, the computer will shut down. To date, I have not managed to freeze the computer badly enough that Wizmo cannot force it to shut down or log off, assuming I can activate it at all.

This is how you set up Wizmo to force the computer to log off.

Download Wizmo from GRC.com. Put it somewhere on your hard drive (I suggest c:\Program files\GRC\) and then make a shortcut to it on your desktop. The shortcut must be on your desktop, not the quick launch bar.

Refer to this screen shot if you get lost following these instructions.

Now, right-click on that shortcut and left-click on properties. In the box labeled "Target:", put in the following: "C:\Program Files\GRC\wizmo.exe" logoff!. That assumes you put Wizmo in the GRC folder under Program Files.

Now, left-click inside the box that says "Shortcut Key". Press the following three buttons on your keyboard at the same time: CTRL ALT 1. You should see Ctrl + Alt + 1 in that box. Press the "OK" button. If you don't want to use CTRL ALT 1, make sure you use a combination that you cannot press by accident.

You now should have the ability to force your computer to log off just by pressing those three keys together. You probably will need to press ALT + TAB at least once first in order to focus the desktop before Wizmo will work. Even if you can't see the desktop, it should be focused.

Be extremely careful with that shortcut. Use it only in case of extreme emergency, because come Hell or high water, your computer is going to log off if you activate it. Don't use it in the place of logging off normally because you might damage Windows somehow.

You can make Wizmo do an impressive number of other tricks. The program itself will explain them all if you start it without the shortcut. It has never failed to log off, shut down or reboot my computer, no matter how badly stuck it is. If I can activate Wizmo, I can use it to force Windows to do whatever I tell it to do.

Permalink | Top

I've mentioned several times that I've been hacking a Wordpress blog for use on SpywareInfo. I am nearly finished with it. Unfortunately, I've run into a couple of problems that keep me from linking to it, even as a beta site.

For one thing, I have a nasty suspicion that if I put all the newsletters under one category, anyone going to a listing of that category would have every single newsletter ever written loaded inside of one page. Four years worth of newsletters all at once probably would be enough to crash most computers.

I'll keep working on it. I should have the problems worked out and be ready to start copying all of my articles and newsletters over to it very soon.

Once I've done all that and switched over to it, readers will be able to leave comments (heavily filtered for spam) on each article and newsletter. The new search engine will search a database of every word published on the site, instead of just searching Google's index of the site. I've found that searching for something on the site via Google is painful since it groups message board posts in with content from the main web site. The RSS feed will be updated automatically, something that I must do manually at the moment (and something that I forget to do more often than not).

To see an example of how it will work, take a look at DogReader. That site also runs on Wordpress and it has worked out very well. The articles there are written by my SWI partner, Catherine.